Details of VAR-201809-1085

ID

VAR-201809-1085

CVE

CVE-2018-7107

TITLE

HPE Device Entitlement Gateway In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-010678

DESCRIPTION

A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. The vulnerability could be remotely exploited to allow local SQL injection and elevation of privilege

Trust: 1.71

sources: NVD: CVE-2018-7107 // JVNDB: JVNDB-2018-010678 // VULHUB: VHN-137139

AFFECTED PRODUCTS

vendor:	hpe	model:	device entitlement gateway	scope:	eq	version:	3.2.4	Trust: 1.6
vendor:	hpe	model:	device entitlement gateway	scope:	eq	version:	3.3	Trust: 1.6
vendor:	hpe	model:	device entitlement gateway	scope:	eq	version:	3.3.1	Trust: 1.6
vendor:	hewlett packard	model:	hpe device entitlement gateway	scope:	eq	version:	3.2.4	Trust: 0.8
vendor:	hewlett packard	model:	hpe device entitlement gateway	scope:	eq	version:	3.3	Trust: 0.8
vendor:	hewlett packard	model:	hpe device entitlement gateway	scope:	eq	version:	3.3.1	Trust: 0.8

sources: JVNDB: JVNDB-2018-010678 // CNNVD: CNNVD-201809-1228 // NVD: CVE-2018-7107

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7107
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-7107
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201809-1228
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-137139
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-7107
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-137139
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-7107
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-137139 // JVNDB: JVNDB-2018-010678 // CNNVD: CNNVD-201809-1228 // NVD: CVE-2018-7107

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-137139 // JVNDB: JVNDB-2018-010678 // NVD: CVE-2018-7107

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-1228

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201809-1228

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010678

PATCH

title:	hpesbgn03889en_us	url:	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03889en_us	Trust: 0.8
title:	HPE Device Entitlement Gateway SQL Repair measures for injecting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85244	Trust: 0.6

sources: JVNDB: JVNDB-2018-010678 // CNNVD: CNNVD-201809-1228

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7107	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-010678	Trust: 0.8
db:	CNNVD	id:	CNNVD-201809-1228	Trust: 0.6
db:	VULHUB	id:	VHN-137139	Trust: 0.1

sources: VULHUB: VHN-137139 // JVNDB: JVNDB-2018-010678 // CNNVD: CNNVD-201809-1228 // NVD: CVE-2018-7107

REFERENCES

url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbgn03889en_us	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7107	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7107	Trust: 0.8
url:	https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbgn03889en_us	Trust: 0.1

sources: VULHUB: VHN-137139 // JVNDB: JVNDB-2018-010678 // CNNVD: CNNVD-201809-1228 // NVD: CVE-2018-7107

SOURCES

db:	VULHUB	id:	VHN-137139
db:	JVNDB	id:	JVNDB-2018-010678
db:	CNNVD	id:	CNNVD-201809-1228
db:	NVD	id:	CVE-2018-7107

LAST UPDATE DATE

2024-11-23T21:52:48.634000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-137139	date:	2018-11-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-010678	date:	2018-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201809-1228	date:	2018-09-28T00:00:00
db:	NVD	id:	CVE-2018-7107	date:	2024-11-21T04:11:39.267

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-137139	date:	2018-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2018-010678	date:	2018-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201809-1228	date:	2018-09-28T00:00:00
db:	NVD	id:	CVE-2018-7107	date:	2018-09-27T18:29:01.017